New App Note Day: Internet of Pillows

The Internet of Things is a cancer that consumes all reasonable expectations of technology, opens vast security holes we’ve never had to deal with before, and complicates life in the pursuit of quarterly gains from whatever technology startup is hot right now. We are getting some interesting tech out of it, though. The latest in the current round of ‘I can’t believe someone would build that’ is the Internet of Pillows. No, it’s not a product, it’s just an application note, but it does allow us to laugh at the Internet of Things while simultaneously learning about some really cool chips.

The idea behind this ‘smart’ pillow is to serve as a snoring sensor. When the smart pillow detects the user is snoring, a small vibration motor turns on to wake up the user. There’s no connectivity in this smart pillow, so the design is relatively straightforward. You need a microphone or some sort of audio sensor, you should probably have a force-sensitive resistor so you know the pillow is actually being used, and you need a vibration motor. Throw in a battery for good measure. Aside from that, you’re also going to need a microcontroller, and that’s where things get interesting.

This application note was written as a demonstration of what Dialog’s GreenPAK devices can do. We’ve seen these things before, and the idea behind these devices is something like a ‘modern-day PAL’ or ‘a really, really limited FPGA’. It’s a bit more than that, though, because the GreenPAK devices are mixed-signal, there are some counters and latches in there, and all the programming is done through a graphical IDE. If you need a small, low-power chip that only does one thing, the GreenPAK is right up your alley.

So, how does this device detect snoring? The code pulls data from the sound sensor every 30 ms, with a 5 ms time window. If this sound repeats again within six seconds, it’s assumed the user is snoring. The logic then turns on the vibration motor, greatly annoying whoever is sleeping. All of this is done through a graphical IDE, which I’m sure will draw the ire of some, but there really aren’t that many pins or that many LUTs on GreenPAK devices, so it’s never going to get too out of hand.

The GreenPAK is a very interesting family of parts that we don’t see too much of around here. That’s a shame, because for low-power applications that don’t need a lot of horsepower, the GreenPAK seems like it would be very useful. Slightly more useful than an Internet of Things pillow, at least.

The Internet of Three-Pointers

When tossing something into the rubbish bin, do you ever concoct that momentary mental scenario where you’re on a basketball court charging the net — the game’s final seconds ticking down on the clock — making a desperate stretch and flicking some crumpled paper perfectly into the basket only for no one to notice your awesome skills? Well, now you can show off how good you are at throwing out garbage.

Well, not strictly garbage. The genesis of this IoT basketball hoop was in fact an inflatable ball on [Brandon Rice]’s desk that he felt would be more fun to fidget with if he could keep score. The hoop and backboard were laser cut on his Epilog cutter, and sport a Particle Photon to track and upload his running point tally to the Internet. An Arduino and IR sensor detect objects passing through the hoop — ultrasound proved to be too slow to keep up with [Rice]’s shots.


Memcached Servers Abused For DDoS Attacks

Cloudflare announced recently that they are seeing an increase in amplification attacks using memcached servers, and that this exploit has the potential to be a big problem because memcached is capable of amplifying an attack significantly. This takes DDoS attacks to a new level, but the good news is that the problem is confined to a few thousand misconfigured servers, and the solution is to put the servers behind a tighter firewall and to disable UDP. What’s interesting is how the fundamental workings of the Internet are exploited to create and direct a massive amount of traffic.

We start with a botnet. This is when a bunch of Internet-connected devices are compromised and controlled by a malicious user. This could be a specific brand of web camera, printer, or computer with unsecured firmware. Once the devices are compromised, the malicious user can control the botnet and have it execute code. This code could mine cryptocurrency, upload sensitive data, or create a lot of web traffic directed at a particular server, flooding it with requests and creating a distributed denial of service (DDoS) attack that takes down the server. Since the server can’t distinguish regular traffic from malicious traffic, it can’t filter it out and becomes unresponsive.

This DDoS attack is limited by the botnet’s bandwidth, though. If all the web cameras in the botnet are pounding a server as fast as they can, the botnet has reached its max. The next trick is called an amplification attack, and it exploits UDP. UDP (as opposed to TCP) is like the early post office; you send mail and hope it gets there, and if it doesn’t then oh well. There’s no handshaking between communicating computers. When a device sends a UDP packet to a server, it includes the return address so that the server can send the response back. If the device sends a carefully crafted fake request with a different return address, then the server will send the response to that spoofed return address.

So if the web camera sends a request to Server A and the response is sent to Server B, then Server A is unintentionally attacking Server B. If the request is the same size as the response, then there’s no benefit to this attack. If the request is smaller than the response, and Server A sends Server B a bunch of unrequested data for every request from the camera, then you have a successful amplification attack. In the case of memcached, traffic can be amplified by more than 50,000 times, meaning that a small botnet can have a huge effect.

Memcached is a memory caching system whose primary use is to help large websites by caching data that would otherwise be stored in a database or API, so it really shouldn’t be publicly accessible anyway. The immediate solution is to turn off public-facing memcached over UDP, but the larger solution is to think about what things you are making available to the Internet, and how they can be used maliciously.
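To make the fix concrete, here is an added example (not from the Cloudflare report or the memcached project) that audits a `memcached.conf`-style option file for the two conditions described above: UDP left enabled and a non-loopback listen address. The sample configs and finding labels are constructed for illustration, and only the short `-U` and `-l` flags are parsed.

```python
import ipaddress
import shlex

# Constructed sample configs (not from the article), in /etc/memcached.conf style.
WEAK_CONF = """\
# memcached listening everywhere, UDP left at its default
-m 64
-p 11211
-u memcache
-l 0.0.0.0
"""

HARDENED_CONF = """\
-m 64
-p 11211
-u memcache
-l 127.0.0.1
-U 0
"""

def parse_options(conf_text):
    """Return {flag: value} from one-option-per-line config text."""
    opts = {}
    for line in conf_text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comments
        if not tokens or not tokens[0].startswith("-"):
            continue
        opts[tokens[0]] = tokens[1] if len(tokens) > 1 else ""
    return opts

def audit(conf_text):
    """List findings that leave memcached usable as a UDP reflector."""
    opts = parse_options(conf_text)
    findings = []
    # -U sets the UDP port; 0 turns the UDP listener off.
    # Assumption: anything other than an explicit "-U 0" is treated as enabled.
    if opts.get("-U") != "0":
        findings.append("udp-not-disabled")
    # Without -l, memcached binds every interface.
    for addr in opts.get("-l", "0.0.0.0").split(","):
        host = addr.strip()
        try:
            if not ipaddress.ip_address(host).is_loopback:
                findings.append("public-listen:" + host)
        except ValueError:
            # Hostname or host:port form; needs a manual check.
            findings.append("unresolved-listen:" + host)
    return findings
```

An empty findings list only covers the daemon's own options; the firewall rule in front of port 11211 still has to be checked separately.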

Finished Dryer Will Text You

Here’s a slightly different way to check on the status of your laundry. Instead of checking if the machine is vibrating, or listening for sound, or pulling everything apart and hacking an ESP8266 into it, check the power that the machine is drawing. This is what [Scrand] did in his IoT dryer build.

The secret behind the hack is the Sonoff POW, a small device that sits in between the wall and the dryer. It has a relay in it that switches the power, but, importantly for this hack, it’s able to measure the power consumed by what’s plugged into it. By installing the ESPurna firmware on it, he can now use all the power of the firmware to control and monitor what’s connected to the POW. He wrote a PowerShell script that polls the HTTP server now running on the POW, checking how much power is being drawn by the dryer. When that power drops, the laundry is done, and in the case of [Scrand], a text is sent saying so.

When you’re sitting on the couch relaxing, why get up every five minutes to check your laundry when you can have it text you when it’s done? Then you can decide whether to get up and deal with it or just leave it until later. The whole reason ESPurna exists to begin with is to check on the status of the laundry. Or, you can go a bit overboard with this laundry room monitor.

Internet of Things Opens Possibilities

While a lot of hardware gets put on the “Internet of Things” with only marginal or questionable benefits (or with hilariously poor security), every now and then a project makes use of this new platform in a way that illustrates the strengths of IoT. [ThingEngineer] turned to this platform as a cost-effective solution for an automatic gate, since new keyfobs were too expensive and a keypad was not an option.

Using an Electric Imp, [ThingEngineer] began by installing his IoT patch into the LiftMaster gate control box. This particular gate has easily accessible points that the controller can access to determine the gate’s status, so from there, an API was written to do the heavy lifting. A web server was deployed as well, so anyone with access can use a smartphone or other device to open the gate.

For anyone else looking to deploy a similar IoT solution, [ThingEngineer] has put all of the project code, schematics, and a thorough write-up about the project on his GitHub page. There are many useful ways to get on board the Internet of Things, though; so many that it’s been possible to win a substantial prize for using it in a creative way.

Review: IoT Data Logging Services with MQTT

For the last few months, I had been using Sparkfun’s Phant server as a data logger for a small science project. Unfortunately, they’ve had some serious technical issues and have discontinued the service. Phant was good while it lasted: it was easy to use, free, and allowed me to download the data in a CSV format. It shared data with analog.io, which at the time was a good solution for data visualization.

While I could continue using Phant since it is an open-source project and Sparkfun kindly releases the source code for the server on GitHub, I thought it might be better to do some research and see what’s out there. I decided to write a minimal implementation for each platform as an interesting way to get a feel for each. To that end, I connected a DHT11 temperature/humidity sensor to a NodeMCU board to act as a simple data source.


Casa Jasmina Two Years On

[Bruce Sterling], author of fiction and nonfiction tomes aplenty, wrote up one of his projects for Makezine: Casa Jasmina, an IoT “house of the future”. Located in Torino, Italy, it was built upstairs from the Torino Fab Lab as a collaboration between [Bruce], his wife [Jasmina Tesanovic], and a number of other contributors. The original vision was for Casa Jasmina to be jam packed with cool laser-cut furniture, glowing LED projects, and other Maker Faire goodies.

In his piece, however, [Bruce] dials back Casa Jasmina’s technology focus. At a time when people add dodgy WiFi-capable devices to their house willy-nilly, he made it clear that it’s not just a huge assembly of projects no one fully understands. The concept of “making”, [Bruce] writes in his piece, involves algorithms and circuit boards and computer-controlled fabrication machines, and marginalizes those who don’t understand technological innovations or find them fascinating. To those who love fabrication, for instance, there is a giddiness involved in creating one’s own chair out of plywood — but end users mostly just care that the creation works like a chair. The place is an Airbnb, which makes it a great testbed for providing only what is needed, trusted, and stable.

For more futuristic houses, check out our coverage of 3D-printed concrete houses and this Pi-controlled automated greenhouse.